{"id":27918474,"url":"https://github.com/ajvondrak/squelch","last_synced_at":"2025-05-06T18:22:37.461Z","repository":{"id":59156204,"uuid":"344618070","full_name":"ajvondrak/squelch","owner":"ajvondrak","description":"Squelch squelches SQL","archived":false,"fork":false,"pushed_at":"2021-05-11T00:17:40.000Z","size":47,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-16T04:48:14.491Z","etag":null,"topics":["pii","ruby","sql"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ajvondrak.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-03-04T21:46:13.000Z","updated_at":"2021-05-11T00:17:42.000Z","dependencies_parsed_at":"2022-09-13T20:11:29.714Z","dependency_job_id":null,"html_url":"https://github.com/ajvondrak/squelch","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajvondrak%2Fsquelch","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajvondrak%2Fsquelch/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajvondrak%2Fsquelch/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ajvondrak%2Fsquelch/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ajvondrak","download_url":"https://codeload.github.com/ajvondrak/squelch/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252741746,"owners_count":21797077,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["pii","ruby","sql"],"created_at":"2025-05-06T18:22:36.866Z","updated_at":"2025-05-06T18:22:37.440Z","avatar_url":"https://github.com/ajvondrak.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Squelch\n\n[![build](https://github.com/ajvondrak/squelch/workflows/build/badge.svg)](https://github.com/ajvondrak/squelch/actions?query=workflow%3Abuild)\n[![coverage](https://coveralls.io/repos/github/ajvondrak/squelch/badge.svg?branch=main)](https://coveralls.io/github/ajvondrak/squelch?branch=main)\n[![docs](https://inch-ci.org/github/ajvondrak/squelch.svg?branch=main)](https://inch-ci.org/github/ajvondrak/squelch)\n[![gem](https://badge.fury.io/rb/squelch.svg)](https://badge.fury.io/rb/squelch)\n\nSquelch squelches SQL!\n\n```sql\n-- Before\nINSERT INTO users(name, address, phone) VALUES (\"John Doe\", \"1600 Pennsylvania Ave\", \"867-5309\");\n\n-- After\nINSERT INTO users(name, address, phone) VALUES (?, ?, ?);\n```\n\nThis gem is a purposefully simple string obfuscator. It aims to replace every data literal in a SQL query with a `?` placeholder, as though it were a prepared statement. The result should still be readable SQL, but without the risk of leaking potentially sensitive information.\n\nThe code was originally adapted from the [`NewRelic::Agent::Database::ObfuscationHelpers`](https://github.com/newrelic/newrelic-ruby-agent/blob/f0290ab6468ad205dd014d63c794883dc47eebe7/lib/new_relic/agent/database/obfuscation_helpers.rb) in the [newrelic\\_rpm](https://rubygems.org/gems/newrelic_rpm) gem. By abstracting out these low-level implementation details, the hope is that Squelch can empower other libraries to easily sanitize their SQL logs.\n\n## Installation\n\nAdd this line to your application's Gemfile:\n\n```ruby\ngem \"squelch\"\n```\n\nand then install it with `bundle install`.\n\nAlternatively, you could install it to your system's gems with:\n\n```console\n$ gem install squelch\n```\n\n## Usage\n\n### Basic interface\n\nThe main API is the `Squelch.obfuscate` method, which takes in your SQL string and returns an obfuscated version of it.\n\n```ruby\nSquelch.obfuscate(\"SELECT * FROM social_security_cards WHERE number = 'pii';\")\n\n#=\u003e \"SELECT * FROM social_security_cards WHERE number = ?;\"\n```\n\nThis method is powered by regular expression patterns, some of which correspond to particular database systems. For example, Postgres supports a unique [dollar quoting](https://www.postgresql.org/docs/13/sql-syntax-lexical.html#SQL-SYNTAX-DOLLAR-QUOTING) syntax, while Oracle has its own [Q quoting](https://livesql.oracle.com/apex/livesql/file/content_CIREYU9EA54EOKQ7LAMZKRF6P.html) syntax. If possible, try to always supply the optional `db:` keyword parameter with a symbol corresponding to your RDMS. The currently supported options are `:mysql`, `:postgres`, `:sqlite`, `:oracle`, and `:cassandra`, but any other option will fall back safely to a generic default pattern.\n\n```ruby\nSquelch.obfuscate(\"SELECT * FROM credit_cards WHERE number = $pii$ ... $pii$;\", db: :postgres)\n\n#=\u003e \"SELECT * FROM credit_cards WHERE number = ?;\"\n```\n\n```ruby\nSquelch.obfuscate(\"SELECT * FROM phones WHERE number = q'\u003cpii\u003e';\", db: :oracle)\n\n#=\u003e \"SELECT * FROM phones WHERE number = ?;\"\n```\n\n### Handling errors\n\nWhen there's an issue with squelching the SQL, we don't want to risk using the problematic results that might still be leaking PII. The error-safe `Squelch.obfuscate` method returns a single `?` placeholder in the event of an issue, but Squelch has the error-raising variant `Squelch.obfuscate!` as well.\n\n```ruby\nSquelch.obfuscate(\"SELECT * FROM table WHERE pii = 'a string missing a closing quote;\")\n\n#=\u003e \"?\"\n```\n\n```ruby\nSquelch.obfuscate!(\"SELECT * FROM table WHERE pii = 'a string missing a closing quote;\")\n\n#=\u003e Squelch::Error: Failed to squelch SQL, delimiter ' remained after obfuscation\n```\n\nIf you rescue the `Squelch::Error`, you can access the problematic obfuscation result in `Squelch::Error#obfuscation`.\n\n```ruby\nbegin\n  Squelch.obfuscate!(\"SELECT * FROM users WHERE id = 12345 AND name = 'Mister Danglin' Quote';\")\nrescue Squelch::Error =\u003e e\n  e.obfuscation\nend\n\n#=\u003e \"SELECT * FROM users WHERE id = ? AND name = ? Quote';\"\n```\n\n## Documentation\n\nFull API documentation can be found [on RubyDoc.info](https://rubydoc.info/github/ajvondrak/squelch/main).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fajvondrak%2Fsquelch","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fajvondrak%2Fsquelch","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fajvondrak%2Fsquelch/lists"}